Administering user accounts

Copying user accounts between SCO OpenServer and UnixWare systems

You can use the ap command to copy user accounts between UnixWare® 7 and UnixWare 2.1 systems. The ap(ADM) command on an SCO OpenServer(TM) system can also be used to create a profile containing all account data for one or more users. You can use the ap(1M) command on a UnixWare system to read such profiles and to recreate the associated user accounts.

NOTE: See the ap(1M) manual page for information about limitations on the information that can be transferred.

You do not need to use ap if you use an NIS server to distribute information about user accounts.

On an UnixWare system, ap gathers account information from the /etc/passwd file and the I&A database. On an SCO OpenServer system, ap gathers account information from the /etc/passwd file and the Protected Password database. Irrelevant information about the user (including unsuccessful login attempts, unsuccessful password changes, and the location and time of the last login) is not included in the profile.

To create a profile and install it on a UnixWare 7 system:

  1. Log in as root on the system where the accounts reside, and enter the following command:

    ap -d -v usernames > profile.acct

    usernames is a list of one or more user names.

  2. Use tar, cpio, and any other suitable command to move the profile.acct file to the machine on which the accounts are to be created.

  3. Log in as root (or as a user with the dacread and dacwrite privileges) on the target UnixWare 7 system.

  4. As long passwords are supported in different ways in SCO OpenServer and UnixWare 7, there are two ways that you can create a user account from the profile depending on how you want to handle user accounts that have long passwords.

    The first method truncates long passwords to 8 characters. Enter the following command:

    ap -r -f profile.acct usernames

    The new accounts should now be in place and ready for use. The ap command will warn you if a user's password was longer than 8 characters and had to be truncated. You should inform the user that they should only enter the first 8 characters of their password when they first log in. They will also be required to change their password at this time.

    The second method allows you to specify a clear text password using the -p option:

    ap -r -f profile.acct -p password usernames

    All users in the list of user names whose existing password was longer than 8 characters will be assigned the same password. These users will be prompted to change their password when they first log in. For example, if the users joe and pascal both had passwords that were longer than 8 characters, the following command would set their login password to ``Global1'':

    ap -r -f profile.acct -p Global1 joe dewi sam pascal

    sam and dewi's passwords would remain unchanged provided that these were each less than 9 characters long.

    If you want joe and pascal to have different initial passwords, invoke the command separately for each user, for example:

    ap -r -f profile.acct -p Hidden1 joe
    ap -r -f profile.acct -p Secret1 pascal

Next topic: Troubleshooting the Account Manager
Previous topic: Configuring the shadow password file

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004